Socom

Internal SSL error with Exchange 2007, external works fine

Assuming the following.

WWW Domain: www.abc123.com
Internal Domain: abc
mail server: server1

Mail Server External: mail.abc123.com
Mail Server Internal: server1.abc123.com

So the SSL is registered to mail.abc123.com, and it works great both externally and internally when going to the OWA page; however, internally, Outlook is trying to access server1.abc123.com and gives me an SSL mismatch error every time.

I don't know what to do to fix this. I have checked the forums; it seems more people are having the opposite problem. Any help would be greatly appreciated.
gpin75

If you want to use more than one name you'll need to define a SAN (Subject Alternative Name: http://en.wikipedia.org/wiki/Subject_Alternative_Name ) so that both names are valid for your certificate. Depending upon your Certificate Authority (VeriSign, Entrust, etc.), how SAN names are issued, what type of certificate you may need, and cost will vary.
Forgot to mention, using a wildcard certificate may be an option for you also. Wildcard SSL certificates allow you to secure any subdomain of your domain.
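The certificate options discussed above, as an added example that is not part of the original thread: it checks which of the two hostnames from the question each kind of certificate covers, using the usual rule that a wildcard stands for exactly one leftmost label. The certificate name lists are constructed for illustration, and the function names are hypothetical.

```python
"""Which certificate name sets cover the names clients connect to?"""


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the entire leftmost label and
    stands for exactly one label (the RFC 6125 style rule).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Return the hosts that no name in the certificate covers."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Hostnames from the question: the OWA/external name and the internal FQDN.
HOSTS = ["mail.abc123.com", "server1.abc123.com"]

# Constructed name sets for the three certificate options discussed.
CERTS = {
    "single name": ["mail.abc123.com"],
    "SAN": ["mail.abc123.com", "server1.abc123.com"],
    "wildcard": ["*.abc123.com"],
}


def report():
    """Map each certificate option to the hostnames it leaves uncovered."""
    return {label: uncovered(names, HOSTS) for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:12} uncovered: {missing or 'none'}")
    # A wildcard covers one label only, and never a short (NetBIOS) name.
    print(uncovered(["*.abc123.com"], ["server1", "owa.mail.abc123.com"]))
```

The single-name certificate leaves server1.abc123.com uncovered, which is the mismatch Outlook reports internally; the wildcard still does not cover the short name server1 or a name two labels deep.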
ASKER CERTIFIED SOLUTION
Akhater
This solution is only available to members.
I'm not sure if this would actually work but you could possibly use a CNAME DNS record internally.
Socom

ASKER

Akhater, thank you. I tried that a bit on my own earlier today, but I guess I must have missed something. I will give it a try tomorrow and reply back.
If you have troubles let me know, I can help out with it.
Socom

ASKER

Akhater,

the second link: or if you prefer this script http://www.exchangeninjas.com/set-allvdirs

doesn't seem to work for me. Do I need to be registered on that site?
Create an A record on your internal DNS server to resolve to mail.abc123.com and this points to the IP address of the CAS server. Ask internal users to use the same URL to access OWA.
Socom

ASKER

eddie_86

OWA works, even internal; it's just Outlook, it wants to grab the server name.
Hi,

No, there is no need to register, but it seems the site is down ...

I have a copy of the script. I will attach it here; rename it to .ps1 and run it.

set-allvdirs.txt
Socom

ASKER

Eddie_86: Tried it after your post, really had high hopes, but now I have not only my original security error, now it's saying it is expired... ugh

Akhater: I have your script, renamed it to .ps1, however it's not runnable, it just opens up in Notepad. How do I run this?

And thank you
Socom

ASKER

Akhater:

OK, I got it to run, gave me a lot of errors, still not working :/ It only asks for the external, which I gave.
Any thoughts? I am also now getting a Cert Expired since I did the MS page that Eddie suggested. Everything still works fine externally.
Socom

ASKER

Akhater:

Looks like everything works! So thank you! Only thing I had to do that I found somewhere else was to recycle the IIS Autodiscovery.

So thanks again!